The vulnerabilities in Modern Routers can let scrupulous hackers attack and get access to millions of Wi-Fi routers. One of the elements that make them work is their ability to break down large chunks of data into smaller chunks, based on the network requirements at a specific moment.
But these network plumbing features come with vulnerabilities that users can exploit to send you to malicious sites or tamper with the devices connected to the network.
Mathy Vanhoef, the researcher, found several vulnerabilities, either the way the specifications are implemented in the devices or the specifications themselves. These vulnerabilities leave you at the risk of cyber-attacks. In a single day itself, a cyber attack is launched almost every 39 seconds.
Routers are affected by several known vulnerabilities. Even if a router gets a recent update, many vulnerabilities are not even going to be fixed. The thing that makes matter worse is that exploit mitigation techniques are rarely used.
The routers that had been tested for security flaws include- Netgear, D-Link, Linksys, TP-Link, Asus, Edimax, AVM, and Synology. These routers are used by millions of people across the world. But the worst offender was TP-Link’s Archer AX6000 router and it was found to have 32 security problems. It was closely followed by Synology RT-2600AC with 30 security issues.
In case of a successful router hijack, a hacker will get complete control over all aspects of the user’s internet traffic and also attempt further attacks, such as directing the users to the phishing sites or infecting various other devices connected to the Wi-Fi router.
Which Modern Routers have Which Vulnerabilities?
Netgear’s R6400v2, D7800, and R6700v3 come with many vulnerabilities. D-Link had also posted on their site that they are investigating the reported security problem and give updates on it as soon as possible.
A D-Link spokesperson had also said that the company hasn’t used the affected software in their new router models for many years after a similar vulnerability was discovered in 2015.
A few issues have been detected more than once. Most of the time operating system is out of date for the router. As integrating a new kernel is expensive, no manufacturer updated it. The device software is often outdated since it depends on standard tools on BusyBox.
So, let’s take a look at the most common problems are-
- Outdated VPN and multi-media functions
- Outdated Linux kernel in the firmware
- Presence of hardcore credentials in a plain text format
- Over-dependence on older BusyBox functions
- Use of weak default passwords, such as ‘admin’
No matter which models you buy, the best things you need to do make is to your router more secure and change the password on the first use. Also, enable automatic updates on your router. It isn’t the perfect solution but it can minimize the risk to some extent.
Where does the Issue Lie?
The problem is with NetUSB, a Linux kernel model that has been designed by KCodes, the Taiwanese company that lets devices, such as network-ready storage or printer, get local network access through the USB port of the router.
Van Amerongen from Sentinel Labs found out that NetUSB listens for not just local-network commands on port 20005 but internet commands, too, without requiring any password or authentication.
He discovered that for creating a memory buffer overflow by specific NetUSB commands on that port number, securing control over the Linux kernel of the router. Surely, that isn’t good. Van Amerongen had admitted that due to technical reasons, doing this the right way was a little tricky but is feasible for all skilled attackers.
The restrictions make it harder to write an exploit for the vulnerabilities but it isn’t impossible. Thus, if you have a Wi-Fi router, you need to check for firmware updates.
How to Deal with Vulnerabilities in Modern Routers?
In this section, we are going to tell you about some security flaws and how to deal with them.
Firmware manages the hardware. It’s an operating system offering instructions for the processors of the router to execute, such as assigning private addresses or relaying internet traffic. However, just as with other operating systems, firmware isn’t bulletproof. You will always find a gap in the code, which can give hackers access to your network.
But routers continuously release updates to fill up the holes. The router might not always update its firmware automatically to the new secure version. So, it will leave your network open to remote attacks by hackers.
For instance, a hacker can change the settings of the router for directing your internet traffic to scrupulous websites. Also, they can give hackers control over your computers and access sensitive details.
So for example, if you access the Netgear Router Setup or some other router setup using the web browser or mobile app in their administrative panel, you should always check the router’s firmware status or if there is any new firmware update available, make sure that you keep it up to date.
Using Default Login Will Leave You Open to Hackers
A router has two audiences, the public, and your devices. As we all know hackers are most active during the time of festivals. So, anyone can get access to your router, locally or remotely, if you use the default login and password of your router.
Furthermore, anyone can find the default login details of your router over the internet even if they do not use the combination of ‘admin’ and ‘password’.
We offer instructions on how to log into the router for changing the default username and password. Use a password manager for creating and storing unique login details.
In case you use a mesh networking kit, there is no web-based back end. You need to change the username and password with the help of the supplied app.
WPS can Open Your Network to Hackers
WPS helps devices connect to the wireless network when you use it for the first time without using a password. Either press a router. Either press a button on the router or use an 8-digit PIN. However, with such easy usage comes consequences. WPS is susceptible to brute-force attacks. It is a trial-and-error method for determining the login info. A hacker can discover the first four digits of your PIN since there are just 1,100 possible combinations. Once they discover 4 digits, they can easily uncover the next 4.
The best solution for this is to update the firmware and disable WPS. The process to disable routers varies from one manufacturer to the other. That is how you can protect yourself from vulnerabilities in Modern Routers.
Remote Access can Invite Hackers
Remote access will let you load the interface of the router over the internet. For example, talking about the Netgear Routers they mainly have the default username as “admin” and the default password is “password” and due to this anyone who will try to do a new New Netgear Router Setup, can easily invite hackers that can get access from anywhere and change the username and password to route the internet traffic to nefarious websites.
You will find Remote Access controls in the Administration section of the router for disabling the feature. Switch it back on when you plan to travel and toggle it off as soon as you return.
Router Broadcasts the Model Number
Tap or click on the Wi-Fi icon of the device and chances are you can identify some names on the lists: NETGEAR, Linksys, and so on. The router owners never changed the default SSID name which is the public name and wireless networks.
That is an issue because when someone sees NETGEAR or Linksys will know that someone is the owner of these routers. Search the internet to learn about the default SSID and login pair. Use the information for accessing the router and get the login credentials of the network.
Usually, you should change the name of the network to something other than the default. Rename it to anything you want, no matter it is something simple or a label that will annoy neighbors. Change the SSID through the mobile app that the manufacturer provides or by accessing the web interface.
Most of the Vulnerabilities in Modern Routers were with the firmware of the router. Researchers found that the sheer number of vulnerabilities was caused by a combination of dependence on open-source projects for a lack of vigorous patching and code.
Protecting the network is going to be a challenge and it is going to be more so with remote employees joining the ranks of the organization. All vendors are working on their routers to some extent and even though not many follow-up tests have been conducted, the firmware updates can fill up the gap.
Make sure the firmware is up to date to sort out the bugs and flaws that you read in the research papers. Some vendors are spending more effort and time on their updates in comparison to others. In the end, all vendors are going to make some contributions to fix the issues.
Image Credit: Provided by the Author; Thank you!
Fintech Kennek raises $12.5M seed round to digitize lending
London-based fintech startup Kennek has raised $12.5 million in seed funding to expand its lending operating system.
According to an Oct. 10 tech.eu report, the round was led by HV Capital and included participation from Dutch Founders Fund, AlbionVC, FFVC, Plug & Play Ventures, and Syndicate One. Kennek offers software-as-a-service tools to help non-bank lenders streamline their operations using open banking, open finance, and payments.
The platform aims to automate time-consuming manual tasks and consolidate fragmented data to simplify lending. Xavier De Pauw, founder of Kennek said:
“Until kennek, lenders had to devote countless hours to menial operational tasks and deal with jumbled and hard-coded data – which makes every other part of lending a headache. As former lenders ourselves, we lived and breathed these frustrations, and built kennek to make them a thing of the past.”
The company said the latest funding round was oversubscribed and closed quickly despite the challenging fundraising environment. The new capital will be used to expand Kennek’s engineering team and strengthen its market position in the UK while exploring expansion into other European markets. Barbod Namini, Partner at lead investor HV Capital, commented on the investment:
“Kennek has developed an ambitious and genuinely unique proposition which we think can be the foundation of the entire alternative lending space. […] It is a complicated market and a solution that brings together all information and stakeholders onto a single platform is highly compelling for both lenders & the ecosystem as a whole.”
The fintech lending space has grown rapidly in recent years, but many lenders still rely on legacy systems and manual processes that limit efficiency and scalability. Kennek aims to leverage open banking and data integration to provide lenders with a more streamlined, automated lending experience.
The seed funding will allow the London-based startup to continue developing its platform and expanding its team to meet demand from non-bank lenders looking to digitize operations. Kennek’s focus on the UK and Europe also comes amid rising adoption of open banking and open finance in the regions.
Featured Image Credit: Photo from Kennek.io; Thank you!
Fortune 500’s race for generative AI breakthroughs
As excitement around generative AI grows, Fortune 500 companies, including Goldman Sachs, are carefully examining the possible applications of this technology. A recent survey of U.S. executives indicated that 60% believe generative AI will substantially impact their businesses in the long term. However, they anticipate a one to two-year timeframe before implementing their initial solutions. This optimism stems from the potential of generative AI to revolutionize various aspects of businesses, from enhancing customer experiences to optimizing internal processes. In the short term, companies will likely focus on pilot projects and experimentation, gradually integrating generative AI into their operations as they witness its positive influence on efficiency and profitability.
Goldman Sachs’ Cautious Approach to Implementing Generative AI
In a recent interview, Goldman Sachs CIO Marco Argenti revealed that the firm has not yet implemented any generative AI use cases. Instead, the company focuses on experimentation and setting high standards before adopting the technology. Argenti recognized the desire for outcomes in areas like developer and operational efficiency but emphasized ensuring precision before putting experimental AI use cases into production.
According to Argenti, striking the right balance between driving innovation and maintaining accuracy is crucial for successfully integrating generative AI within the firm. Goldman Sachs intends to continue exploring this emerging technology’s potential benefits and applications while diligently assessing risks to ensure it meets the company’s stringent quality standards.
One possible application for Goldman Sachs is in software development, where the company has observed a 20-40% productivity increase during its trials. The goal is for 1,000 developers to utilize generative AI tools by year’s end. However, Argenti emphasized that a well-defined expectation of return on investment is necessary before fully integrating generative AI into production.
To achieve this, the company plans to implement a systematic and strategic approach to adopting generative AI, ensuring that it complements and enhances the skills of its developers. Additionally, Goldman Sachs intends to evaluate the long-term impact of generative AI on their software development processes and the overall quality of the applications being developed.
Goldman Sachs’ approach to AI implementation goes beyond merely executing models. The firm has created a platform encompassing technical, legal, and compliance assessments to filter out improper content and keep track of all interactions. This comprehensive system ensures seamless integration of artificial intelligence in operations while adhering to regulatory standards and maintaining client confidentiality. Moreover, the platform continuously improves and adapts its algorithms, allowing Goldman Sachs to stay at the forefront of technology and offer its clients the most efficient and secure services.
Featured Image Credit: Photo by Google DeepMind; Pexels; Thank you!
UK seizes web3 opportunity simplifying crypto regulations
As Web3 companies increasingly consider leaving the United States due to regulatory ambiguity, the United Kingdom must simplify its cryptocurrency regulations to attract these businesses. The conservative think tank Policy Exchange recently released a report detailing ten suggestions for improving Web3 regulation in the country. Among the recommendations are reducing liability for token holders in decentralized autonomous organizations (DAOs) and encouraging the Financial Conduct Authority (FCA) to adopt alternative Know Your Customer (KYC) methodologies, such as digital identities and blockchain analytics tools. These suggestions aim to position the UK as a hub for Web3 innovation and attract blockchain-based businesses looking for a more conducive regulatory environment.
Streamlining Cryptocurrency Regulations for Innovation
To make it easier for emerging Web3 companies to navigate existing legal frameworks and contribute to the UK’s digital economy growth, the government must streamline cryptocurrency regulations and adopt forward-looking approaches. By making the regulatory landscape clear and straightforward, the UK can create an environment that fosters innovation, growth, and competitiveness in the global fintech industry.
The Policy Exchange report also recommends not weakening self-hosted wallets or treating proof-of-stake (PoS) services as financial services. This approach aims to protect the fundamental principles of decentralization and user autonomy while strongly emphasizing security and regulatory compliance. By doing so, the UK can nurture an environment that encourages innovation and the continued growth of blockchain technology.
Despite recent strict measures by UK authorities, such as His Majesty’s Treasury and the FCA, toward the digital assets sector, the proposed changes in the Policy Exchange report strive to make the UK a more attractive location for Web3 enterprises. By adopting these suggestions, the UK can demonstrate its commitment to fostering innovation in the rapidly evolving blockchain and cryptocurrency industries while ensuring a robust and transparent regulatory environment.
The ongoing uncertainty surrounding cryptocurrency regulations in various countries has prompted Web3 companies to explore alternative jurisdictions with more precise legal frameworks. As the United States grapples with regulatory ambiguity, the United Kingdom can position itself as a hub for Web3 innovation by simplifying and streamlining its cryptocurrency regulations.
Featured Image Credit: Photo by Jonathan Borba; Pexels; Thank you!